Slashdot Mirror


Congress to Investigate ChoicePoint

twzop writes "I just saw a story on the CBS evening news about the previously posted story about ChoicePoint, Inc. in Atlanta, GA getting hacked and US citizens' data being compromised. The story stated that Congress was going to get involved by investigating the scandal and that there was a large class action lawsuit against the private firm."

17 of 259 comments

  1. Re:damage size? by Anonymous Coward · · Score: 4, Informative

    It is unlikely anyone can know for sure how much leaked. I believe it happened that they traced some identity theft back to a fictitious company that paid for access to ChoicePoint. During this investigation they found other fictitious companies registered with ChoicePoint. Do they know all the queries made by the fictitious companies? Possible... Have they found all the fictitious companies?

  2. And that is just the beginning of the nightmare by schwit1 · · Score: 5, Informative

    The Washington Post has an article (reg required) today about Beth Plowman, a Damascus international public health adviser, who was shocked when she discovered that a $27,240 arbitration judgment had been levied against her for credit card charges incurred by an identity thief who bought sporting goods all across Europe.

  3. Trust me, it's not just ChoicePoint. by Creepy+Crawler · · Score: 3, Informative

    I do a lot of computer security work in my area, and trust me when I say that many, many places have either no or woefully inadequate security present.

    One place I did a job for actually had a Symbol AP in the ceiling of the factory, login: Symbol, pass: (blank) and unencrypted transfers. The domain admin acct (win2k) had no password, and guest was active. They also bungled up a RAS so that anybody that knew that number had "root".

    Those were just external security issues.. It took 50 hours to barely fix their problems.

    Still, problems abound just like that: No or bad security. Many times, it has to do with plain laziness, not thinking anybody cares about us, just not knowing, or trying to do security and maintenance without understanding.

    Another amazing thing is how well modem-scanners work these days... Back in the day, all the security nuts cared about dial-back and other things... Now, everybody thinks of always-on internet so you need a firewall. Not so. Many machines have dialup gateways or interfaces in which most are just not configured. Even (to my knowledge, I use FreeBSD and Linux) Windows RAS server has dialback capability.

    Now, why Congress wants to scrutinize them, well.. Wonder if they've secured THEIR wireless network since I was in DC...

  4. Top post for great justice! by Anonymous Coward · · Score: 2, Informative

    Choicepoint CEO personal info here.

  5. Bruce Schneier by Shamashmuddamiq · · Score: 4, Informative

    Schneier wrote about this in his blog.

    --
    ...just my 2 gil.
  6. Re:Screwed by ChoicePoint by justins · · Score: 2, Informative
    Plus, who the !@#$% gave ChoicePoint permission to gather data on me?

    The federal government.

    Funny, ChoicePoint kind of reminds me of what Microsoft wants to do with their .NET establishment. Gather all personal info on one database. Currently, it's a mistake to put all the eggs in one basket.

    There are many "baskets" like Choicepoint.
    --
    Now before I get modded down, I be to remind whoever might read this that what I am saying is FACT. - bogaboga
  7. 145,000 by js7a · · Score: 4, Informative
    Five posts and nobody's answered the question? It's not as if you aren't directly connected to a zillion ways to find it.

    ChoicePoint data theft widens to 145,000 people

  8. As if by imnoteddy · · Score: 2, Informative
    large class action lawsuit against the private firm

    Class action lawsuits were essentially outlawed by the Republican Congress and President Bush this week. Nobody will ever get any damages from Choicepoint.

    --
    No electrons were harmed creating this post, though some may have been subjected to electrical and/or magnetic fields.
    1. Re:As if by demaria · · Score: 3, Informative

      It just moves the cases from state to federal court under certain circumstances, and limits lawyer fees in coupon settlements. You know, those ones where, if you win, you get $5 off your next purchase, assuming you make a next purchase that is. I'm still waiting to redeem my CRT monitor settlement from the early 90s.

      It was passed in the Senate 72-26, with 8 Democrats sponsoring the bill. That's a veto proof majority. That's bipartisan dude.

  9. Re:Dear Choicepoint... by Rude+Turnip · · Score: 2, Informative

    "never gave your company permission to use any public record that belongs to me in a profiteering method."

    That's because you don't have the authority to give that permission. Public records belong to the public.

  10. Re:Nothing to see indeed. by zors · · Score: 3, Informative

    Thirteen execs, three traders, and two accountants have been indicted.

    You can't just round up a lynch mob for these kinds of crimes. First, you plea bargain with the little fish so you have plenty of evidence to use against the big fish. It's common practice in any attempt to bring down an organized criminal establishment, which is basically what the higher levels of Enron were.

  11. Re:that's why this investigation will go nowhere by cheezedawg · · Score: 2, Informative

    Choicepoint is the firm that Katherine Harris, who simultaneously served in the Bush campaign and as head vote-counter in Florida (no other democracy allows that, by the way), used to come up with a felon list.

    Wrong. Choicepoint was contracted to generate the list before Katherine Harris was in office. And they were hired by a woman named Ethel Baxter, who is a Democrat.

    The list included thousands of blacks who weren't eligible to vote (at least 5,000).

    Good. That was the goal- to identify the people that were ineligible. Like it or not, but Florida is one of a handful of states that do not allow convicted felons to vote. This felon list was generated to fulfill some of the requirements of a 1998 Florida statute passed by the legislature in response to problems with voter fraud during a 1996 mayoral election.

    It was set up to disenfranchise everyone who had a similar name (even first initial and last name) as a felon.

    The list was not "set up" to disenfranchise anybody. The Florida law that required the list was designed for an imperfect list. It clearly placed the burden of verifying the names on the 67 individual county election supervisors. Oh, and white people were twice as likely as black people to be erroneously included in the list.

    Considering that blacks voted 90-10 for Gore and that Bush only won the state (officially) by 537 votes, Bush owes his presidency to Choicepoint.

    Bull crap. The USCCR was unable to identify a single voter that was incorrectly prevented from voting because of the felon list.

    --
    "The defense of freedom requires the advance of freedom" - George W Bush
  12. Re:damage size? by Shakrai · · Score: 4, Informative

    You're assuming there was an accident, and that he was at fault. CLUE (Comprehensive Loss Underwriting Exchange) reports are reports containing CLAIMS information provided by cooperating insurance companies

    You explained it better than I could. In my instance I was driving home from work in lousy weather and got run off the road by a snowplow. My choice was to hit the snowplow (in a Dodge Neon) or hit the guardrail. I called the police but was informed that it would take them over an hour to get to me so I chose to proceed without a police report.

    The bottom line being that there was no information of public record from this accident. And when I talked on the phone to the CSR from my parents' insurance company I certainly don't recall giving her permission for them to disclose my information to Choicepoint. If they wanted to report the fact that my parents had a claim then fine (I'm sure they signed something when they bought the policy saying that their carrier could do this) -- but they had no right to include my SSN and NYS DMV id number on that report. I signed nothing for the claim (my interaction with them was limited to the aforementioned phone call) and I certainly signed nothing that authorized them to release my information. Yet I am told by my lawyer and by Choicepoint that I can't do a damn thing about it.

    Your summary of CLUE reports was dead on BTW. Insurance companies love them -- most independent agents hate them. We also hate credit reports being used for underwriting - as a quick example without going too far off topic: My girlfriend has had a lousy run with accidents and tickets lately. She has a speeding >20mph, a following too close (with accident) and a traffic device (with accident) tickets. She also had a license suspension (too many points) back in November. Yet she gets into a better rating tier than I do with the exact same insurance company because her credit is better than mine. I've had one ticket in my entire time behind the wheel (missed a no u-turn sign) and the aforementioned accident. I have never filed a claim on my own policy (aforementioned accident was parents' car). I also have three years more experience and a defensive driver course. Which one of us is more likely to get into an accident? Yet who pays more for his policy -- without the physical damage coverage that she carries?

    Damn the man I say.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  13. This is so wrong, it's frightening by roesti · · Score: 4, Informative
    While the generation of the "purge list" did have a legal basis - namely, that ex-felons were ineligible to vote - the process of generating the list was an enormous debacle.

    ChoicePoint/DBT originally produced a list of about 8000 voters to remove from the electoral rolls. Katherine Harris got back to them and told them to widen the net - by omitting a few data integrity requirements, such as middle names, dates of birth, and dates and details of their convictions - and assured ChoicePoint that they needn't worry about the number of false positives in the list. This increased the size of the list to about 58,000 voters, more than half of whom were African-Americans.

    When the fraud was officially investigated, ChoicePoint admitted to a false-positive rate of up to 15%, which was already far in excess of Bush's lead in the Florida poll. Later, an independent investigation showed an error rate of more than 90% - some 55,000 voters, some 30,000 of whom were black.

    The USCCR was unable to identify a single voter that was incorrectly prevented from voting because of the felon list.
    This is a flat-out lie. Read some first-hand accounts of voter disenfranchisement for yourselves. Voters were erroneously scrubbed from the electoral roll, were not adequately notified in advance, tried to vote anyway and were turned away - simple as that.

    It's surprising how many people don't know this when it's actually very well documented; in fact, the story broke long before the election actually took place. My suggestion to the doubters is to watch Unprecedented: The 2000 Presidential Election, a very thorough documentary on the topic.

  14. Re:that's why this investigation will go nowhere by Doc+Ruby · · Score: 2, Informative

    Have a look at the actual disenfranchising list (annotated fragment), and keep trying to let these scumbags off the hook.

    --
    make install -not war

  15. Full Text of AJC Article by The+Angry+Mick · · Score: 2, Informative
    ChoicePoint execs defend selling stock

    By ROBERT LUKE, MATT KEMPNER
    The Atlanta Journal-Constitution
    Published on: 02/25/05

    Thirteen days after the arrest of a suspect in the ChoicePoint identity theft case -- and more than three months before the problem surfaced publicly -- the company's top two executives began selling their stock.

    Since the sales began in November, ChoicePoint CEO Derek Smith and President Douglas Curling have sold 472,000 ChoicePoint shares worth nearly $21 million, according to the executives' Securities and Exchange Commission filings.

    Smith said Thursday that he did not know about the security breach at the Alpharetta-based company until well after he began selling the stock. Curling was not available for comment Thursday.

    The stock sales -- for what the executives described as estate planning and asset diversification -- continued this week, even as ChoicePoint's shares began to tumble nearly 10 percent. The identity theft was disclosed publicly only last week.

    ChoicePoint chief marketing officer James Lee said outside advisers suggested continuing with the trading program. "Their advice is that the program is fine, even in light of the recent events," he said.

    "If you are trying to make the case that this is somehow insider trading, you are going down the wrong road," Lee said.

    The selling of stock by Smith, the CEO, and Curling, the company's president, normally wouldn't raise eyebrows, since the sales were part of a prearranged stock trading plan allowed under SEC rules.

    Lee said ChoicePoint's board approved the stock trading plan on Oct. 26, the day before police in Los Angeles -- after being tipped off by ChoicePoint -- made their only arrest in a case that has become the biggest security breach in the company's history. ChoicePoint is notifying about 145,000 people that their personal information -- possibly including their Social Security numbers and credit reports -- may have been sold to identity thieves.

    Smith and Curling have been selling shares of their company's stock weekly since Nov. 9, when their Rule 10b5-1 trading plans took effect. The plans expire in April.

    SEC inquiry likely

    In an interview with Journal-Constitution reporters Thursday, Smith said he first found out about the identity theft problem in late December or January, which would be about two months after the company notified California law enforcement officials.

    Smith said his stock sales aren't inappropriate.

    "I didn't do anything that I had any belief that was inappropriate or whatever," he said. "To the extent that it gives any impression of anything that I knew or the company knew that would have weighted on the value of the stock, then that would be unfortunate. Because it certainly isn't true."

    A lawyer familiar with the enforcement of federal securities laws thinks an inquiry by the Securities and Exchange Commission is inevitable.

    "Even with this public statement that he did not know until January about the problems in California does not mean that the SEC will not ask questions anyway," said Jacob S. Frenkel, chairman of the securities enforcement and white-collar practice at the Shulman, Rogers, Gandal, Pordy & Ecker law firm in Rockville, Md.

    "The SEC will not only ask him, but they also will ask everybody who knew about the information, including what they told others and when they told them," said Frenkel, a former SEC enforcement lawyer and federal prosecutor. "They are going to look at anybody who may have traded the stock."

    Smith said he has not been contacted by the SEC about the stock sales.

    Smith and Curling have sold about 64 percent of the total 737,380 shares they have until April to sell under the plan, after exercising employee stock options permitting them to acquire the shares at various prices. The prices they paid for the stock were significantly below the market price at the time of sale, allowing the executives to make significan

    --

    I'm not tense. I'm just terribly, terribly, alert.

  16. Some corrections from inside by npbeers · · Score: 2, Informative

    I would expect that this group of people would know by now not to take everything they read in the news at face value. Since that does not seem to be the case, I would just like to correct several errors of fact in this blurb about the ChoicePoint incident. First of all, ChoicePoint did not get hacked. There was no breach of our network and no internal or customer information was compromised. Second, ChoicePoint is not a private firm; we are a public company and trade on NYSE as CPS. Third, I think it erroneous to call this a 'scandal' as ChoicePoint did nothing illegal. We ourselves were a victim of fraud, and we are working very closely with law enforcement to continue to track down and prosecute the perpetrators of this crime. Finally, we ourselves are, and have been for years, encouraging a national discussion on this industry and strongly support independent regulation.

    As others have mentioned, we have notified about 145,000 people nationwide that their information might have been compromised and we have, at our own expense, purchased tri-bureau credit reports and a one year credit monitoring service for each of them. We also, as our CEO has said in an interview, are not ruling anything out in terms of what we may do to further assist those who do fall victim to identity theft. Please, if you have more questions on what is going on and what ChoicePoint is doing about it, please visit http://www.choicepoint.com/news/statement_0205_1.html

    A couple other bits of note:

    There are laws in place, namely the FCRA (Federal Fair Credit Reporting Act), that do already regulate what constitutes permissible purposes for information to be disclosed. We operate very strictly by these regulations already in place. In addition, the FACT Act, which went into effect in 2004, mandates that consumers may obtain free copies of their reports and may, as they always have been able to, contest items they believe to be inaccurate. You can visit www.choicetrust.com to review your personal records kept by ChoicePoint.

    And for those of you who are interested in some of the work ChoicePoint does to fulfill our vision of creating a safer and more secure society through the responsible use of information:

    -We, as previously noted, operate the CLUE (Comprehensive Loss Underwriting Exchange) database to which insurance underwriters contribute claims data so that they can more accurately assess risk to keep premiums low.
    -We operate Volunteer Select, a service for non profit organizations. Background checks may be purchased at cost (ChoicePoint makes no profit) on volunteers to ensure that a convicted child molester two weeks out of jail will not be able to volunteer to work with young children (a real example).
    -We operate ChoicePoint Cares which funds DNA testing to solve cold cases and process rape kits that local municipalities cannot afford to process on their own. Our funding has led to several convictions and has helped to free those wrongly imprisoned.
    -We operate ADAM, an alert program that had led to the safe return of more than 800 missing and kidnapped children.